Author: Dan DiNicolo

Dan DiNicolo is a freelance author, consultant, trainer, and the managing editor of 2000Trainers.com. He is the author of the CCNA Study Guide found on this site, as well as many books including the PC Magazine titles Windows XP Security Solutions and Windows Vista Security Solutions.

Windows 2000 includes a new service called the Windows Installer Service that is responsible for managing the installation and removal of applications. The Windows Installer service works in conjunction with a new application package format, the .msi file. An msi file is a package that contains all the necessary instructions to install an application on a computer. This includes which registry entries should be added or changed, which files should be copied to which locations, which shortcuts should be created, and so forth. This technology can allow an application to be deployed without any user intervention whatsoever. Note that the msi file doesn’t actually contain all of the files to be deployed. Instead, it contains the instructions for how the application is to be deployed. Benefits of the msi and Windows Installer method of installing software include self-healing and resilience of applications. That is, if a user were to accidentally delete or remove files associated with a deployed application, the application will go back to its installation source (assuming it is available), and will automatically fix itself.

Many applications are now distributed with setup.msi files. However, you can also create your own msi packages using a variety of software packages. The Windows 2000 CD provides a Veritas repackaging application, WinInstall LE, which can be used to create msi-based application packages.

If you have Windows 2000 Active Directory installed, packages can be distributed via group policy to either users or computers. Although I’ll reserve going into all the details until the Server portion of the series, here are the basic details for now:

Packages distributed via group policy (using Active Directory) do not need elevated privileges to be installed. As such, a regular user can invoke the installation of a package without needing to be an administrator, for example.

Packages can be assigned or published to users or computers via group policy. If assigned to a computer, the package is installed when the computer reboots. If assigned to a user, the package is not installed, but appears to be (as a shortcut on the start menu). When the user clicks the shortcut, the package is installed. If published to a user, the software is available to be installed via Add/Remove programs (or automatically when the user clicks on a file extension associated with that program). Packages cannot be published to a computer.

If a program cannot be repackaged, it can still be deployed via group policy with a .zap file. A zap file is a text file that contains instructions on how to install an application. A user needs elevated privileges to install an application deployed with a zap file. A zap file can only be used to publish an application to a user.

Windows 2000 maintains a user’s desktop configuration and environment settings in what is called a user profile. Settings found in a user profile include things like the wallpaper the user has set, the placement of the icons on their desktop, mouse settings and so forth. In Windows 2000, a user’s profile can be found under the folder Documents and Settings, in a folder that maps to their user name.

If the system has been upgraded from NT 4, however, profiles will still be found under the %systemroot%\profiles folder. By default, all user profiles are local. That means that when a user logs on to a system for the first time, they receive a new profile, and any changes they make are stored on that machine only. By contrast, you can also store user profiles on a server such that they follow users as they move from machine to machine. These are referred to as roaming profiles. When a user logs off a system, their settings (including any changes they have made) are saved back to the central server. Note that certain folders, such as My Pictures and My Documents, are part of the user profile. As such, if you are using roaming profiles, and a user has a number of large files in these folders, it can cause significant network disruption. However, Windows 2000 does keep a locally cached copy of roaming profiles on a system. As such, if a user has a large roaming profile and usually uses the same machine, only the changes are copied back and forth, not the entire profile every time they log on. Roaming profiles are configured in the properties of a user account (on the Profile tab), by providing a UNC path to where the profile is stored such as \\server2\profiles\dan. In order to make things simpler, consider setting user accounts up for roaming profiles by using the %username% variable instead of the actual user name. This will automatically create a profile location on the server with the same name as that of the user (if you do this, only the administrator and user will have full control over the profile by default if the target volume is formatted NTFS). If you want to take an existing local profile and change it to roaming, you must set the properties on the user account as mentioned above, as well as copy the local profile to the server using the Copy To button on the Profiles tab in the System Program.

As in NT 4, you can still make a profile mandatory (unchangeable) by renaming the Ntuser.dat file in the profile to Ntuser.man.

Windows 2000 provides the ability to access an advanced troubleshooting environment referred to as the Recovery Console. This tool, which is not installed by default, can be installed by running the winnt32 /cmdcons command. This option provides a command-line interface, similar to DOS, but with a more limited command set available. The Recovery Console will allow you to start and stop services, fix the master boot record, replace files, and so forth. However, there are certain things it will not allow you to do, such as edit a file. If you needed to do this, you would have to copy the file to a floppy, and edit it on another system. If you have not installed the Recovery Console in advance and need to use it, it can still be accessed by booting the system using the Windows 2000 CD, choosing the option to repair Windows 2000, and then starting the Recovery Console.

If already installed, you can access the Recovery Console by rebooting and choosing the Recovery Console option from the boot loader menu. After it starts, you must log on with the local administrator account name and password. Remember that the recovery console provides access only to a limited set of commands, such as fixmbr (to fix the master boot record), format, disable (service or device driver) and so forth. For a complete list of supported commands, see this recovery console command reference.

Some of the familiar startup options from NT 4, along with a whole range of other options that you may be familiar with from Windows 9x, are now available in Windows 2000. Pressing F8 when prompted during the boot process accesses the advanced startup menu. Many of the options are useful if a system is not capable of booting correctly due to driver and service issues. The list below outlines the choices you will be presented with and their associated uses.

Safe Mode with Networking: As above, but including networking support.

Safe Mode with Command Prompt: Same as Safe Mode, except that it boots to the command prompt instead of the GUI.

Enable Boot Logging: Starts all drivers and services, and logs details to a file called Ntbtlog.txt in the %systemroot% directory (this file is also created when any of the safe mode options are chosen – it can be an important source of troubleshooting information).

Last Known Good Configuration: Boots Windows 2000 using the last known good registry configuration, which would have been created at the last successful logon. This option should be used prior to attempting an emergency repair using the ERD.

Directory Services Restore Mode: For domain controllers only, this option is used to restore the Active Directory and/or the Sysvol folder.

Debugging Mode: Boots the system normally, but sends debugging information to another system connected via a serial cable.

Data backup and recovery in Windows 2000 is accomplished via the Backup program, ntbackup.exe. The new program includes the ability to back up to different types of media (tape drive, CDR, zip drive, etc), as well as the ability to have backups span media (multiple zip drives, etc). Perhaps the greatest benefit is the ability to schedule a backup, something that was sorely missing (unless you wrote a batch file and scheduled it with the AT command) in NT 4. In Windows 2000 this is done via integration with the Task Scheduler. Backup and restore operations can be carried out by explicitly choosing files and folders if you’re familiar with the process, or by a wizard if you are not.

In order to back up files and folders, you must have appropriate rights and / or permissions. Users may back up their own files, as well as those to which they have the NTFS Read permission. Users may only restore their own files or ones to which they have the NTFS Write permission. Administrators and members of the Backup Operators group have the right to back up and restore files (as do Server Operators on a server), including those to which they have no access.

There are 5 different types of backups you should know about. Note that some backups set or clear a ‘marker’. The marker is the archive attribute on the file or folder being backed up. The 5 types of backups are looked at below:

Normal: Backs up all selected files and folders, and clears all markers.

Differential: Backs up all selected files and folders that have changed since the last Normal backup, and does not clear markers.

Incremental: Backs up all selected files and folders that have changed since the most recent Incremental or Normal backup. It does clear markers.

Copy: Copies all selected files and folders, and does not clear markers.

Daily: Backs up all selected files and folders that have changed on that day, and does not clear markers.

Remembering the backup types is easy. Using a Differential backup strategy means that backups take a little longer, but restores tend to be quicker. An Incremental backup strategy generally means faster backups and a lengthier restore period.
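
The marker rules for the five backup types, and the reason a Differential strategy restores from fewer sets than an Incremental one, as an added Python model (not code from the original article or from ntbackup). The file names and the four-day schedule are constructed, and selecting changed files by the archive attribute is the modelling assumption.

```python
# Added model of the archive-attribute ("marker") rules; not ntbackup code.
# kind -> (selects only marked files, clears the marker afterwards)
RULES = {
    "normal": (False, True),
    "copy": (False, False),
    "incremental": (True, True),
    "differential": (True, False),
}


class Volume:
    def __init__(self, names):
        # New or changed files carry the archive attribute (the marker).
        self.files = {n: {"marker": True, "changed_on": 0} for n in names}

    def modify(self, name, day):
        self.files[name] = {"marker": True, "changed_on": day}

    def backup(self, kind, day):
        """Return the names this backup type copies, applying its marker rule."""
        if kind == "daily":  # selects by change date, leaves markers alone
            return sorted(n for n, f in self.files.items() if f["changed_on"] == day)
        marked_only, clears = RULES[kind]
        picked = sorted(n for n, f in self.files.items()
                        if f["marker"] or not marked_only)
        if clears:
            for n in picked:
                self.files[n]["marker"] = False
        return picked


def run_week(strategy):
    """Normal on day 0, then `strategy` on days 1-3 with one file changing per day.
    File names and schedule are constructed sample data."""
    vol = Volume(["a.doc", "b.xls", "c.txt", "d.ppt"])
    sets = [(0, "normal", vol.backup("normal", 0))]
    for day, name in enumerate(["a.doc", "b.xls", "c.txt"], start=1):
        vol.modify(name, day)
        sets.append((day, strategy, vol.backup(strategy, day)))
    return sets


def restore_chain(sets):
    """Sets needed for a full restore; assumes one strategy after the Normal."""
    last_normal = max(i for i, s in enumerate(sets) if s[1] == "normal")
    later = sets[last_normal + 1:]
    if later and later[-1][1] == "differential":
        later = later[-1:]  # the latest differential holds every change so far
    return [sets[last_normal]] + later


if __name__ == "__main__":
    for strategy in ("incremental", "differential"):
        week = run_week(strategy)
        print(strategy, [s[2] for s in week], "restore sets:", len(restore_chain(week)))
```

Run directly, it reports four restore sets for the Incremental week and two for the Differential week, while the Differential sets grow each day.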

A familiar tool still exists in Windows 2000 for monitoring performance, although it now carries a new name. The Performance tool is actually a combination of two different MMC snap-ins: System Monitor, and Performance Logs and Alerts. Combined, they essentially form Performance Monitor from NT 4.

Performance Monitor Logs and Alerts allows you to configure both logs (which collect information on performance counters you specify) and alerts (which allow you to specify a course of action once the thresholds you define are reached). A log records data over a period of time, and is usually used for analysis purposes, such as tracking resource usage trends and creating baseline measurements. You can later import this logged data into a spreadsheet or the System Monitor program for analysis. Two types of logs exist: Counter logs and Trace logs. A Counter log measures object performance counters at defined intervals. A Trace log is mostly used for debugging or error tracking, and records data only when certain errors (such as a page fault) occur. Note that running logs appear with a green icon, and that stopped logs appear in red. Alerts can also be configured according to when a certain threshold is reached. For example, you could set an alert to be triggered when processor utilization exceeds 80 percent. Further to this, you can control what happens when the alert is triggered.

Usually we want to optimize performance for applications on Windows 2000 Professional (default) and for background services on Server (default).

However, another area to consider when configuring for performance is the system’s virtual memory, or page file settings. In Windows 2000, the page file size is automatically set to 1.5 times the amount of RAM present in the system by default, but this can be changed. The page file exists physically as the file pagefile.sys in your %systemroot% partition (the partition containing your WINNT directory). To improve page file performance, consider moving it to a partition other than the system or boot partition, splitting it evenly across multiple physical disks (except the system or boot partitions), or placing it on its own fast under-utilized drive. Also consider setting the initial and maximum paging file sizes to the same value to avoid the performance costs associated with dynamically resizing the page file on the fly.

As far as application performance and responsiveness are concerned, applications can still be configured to run at different priorities. This can be controlled by either starting an application from the command line (using the start command with the /low, /belownormal, /normal, /abovenormal, /high, or /realtime switches), or by changing an application’s priority using Task Manager. Only an administrator can set a program to run using the realtime priority.

Task Manager still allows familiar features, including the ability to start or stop applications or processes, as well as get quick statistics with respect to memory and processor usage. The program now also includes the ability to view the difference between user mode and kernel mode resource usage with the Show Kernel Times option on the View menu. Kernel mode resource usage will appear in red.

While we’ve already discussed the offline caching of files, this section involves a look at the synchronization settings relating to offline files and how they can be configured and controlled. Synchronization Manager allows you to control how and when offline files are synchronized. You can find the utility via the Synchronize option on the Tools menu in Windows Explorer. Options include synchronizing offline files, folders, and web pages at logon/logoff, when the system is idle, or at a scheduled time. You may, for example, choose only to synchronize a certain folder, instead of all offline items. You can also control whether synchronization occurs based on the type of connection. For example, you may want to synchronize when connected via the LAN, but not when connected via a dial-up connection.

The Synchronization process also handles file conflicts. For example, let’s say that you synchronize a directory and then disconnect your system from the network (a laptop). If you change a file while offline, Windows 2000 will automatically replace the network version with your newer version once you reconnect and synchronize, assuming the network version hadn’t changed. If another user had also changed it while you were offline, Synchronization Manager would ask how you would like to proceed. It allows you to view both copies of the file, and decide on an appropriate course of action. You could keep both files (renaming one), overwrite the network copy with yours, or overwrite your copy with the new network copy.

While Windows NT 4 relied on the AT command for the purpose of scheduling tasks, Windows 2000 actually includes the Task Scheduler utility. This tool allows you to schedule a program, script, or backup to run, according to the schedule you provide. Accessible via Control Panel (Scheduled Tasks) or the Accessories menu, you can schedule tasks to run once, daily, weekly, monthly, when the PC starts, or when a user logs on. A few important notes about the Task Scheduler:

You can schedule a task to run with elevated privileges. That is, you can specify that a task run using the Administrator account, even though the locally logged on user does not have the rights to perform a task.

If you change the password of the user whom the task is scheduled to run as, the task will fail. The password associated with a task does not change when the user changes their password. (For this reason, you might consider creating a service account whose password never expires).

In the advanced properties of a scheduled task, you can set things such that a scheduled task will never run when a machine is running off battery power, or that the task should run when the system is idle.

Note that the Task Service can be stopped or restarted – a possible course of action if a task fails and the username / password is not the issue.

Windows 2000 Professional supports up to 2 CPUs for systems that require more processing power. Specifically, Windows 2000 supports Symmetric Multiprocessing (SMP), a setup whereby threads are distributed more or less evenly across system processors. If you installed Windows 2000 Professional on a multiprocessor system, you should have no problems because the proper Hardware Abstraction Layer (HAL) would have been installed during the installation process. However, if you are upgrading a single CPU Windows 2000 Professional system by adding a second CPU, you will need to update the HAL on the system. You do this via Device Manager. Expand the Computer branch, and choose Update Drivers from the Drivers tab in the properties of your device. From the Wizard, choose the ‘Display a list of drivers from…’ option and then ‘Show all Hardware from this device class’. You will be presented with options such as those below. The MPS-compliant driver is for non-ACPI systems. Note that you no longer use the NT 4.0 Uptomp.exe utility to upgrade to multiple processor support.